Enabling Expired Password changes through Outlook Web App

This feature was introduced in Exchange Server 2007 SP3. It allows any new user with the setting User must change password at next logon to use OWA to change an expired password.

  1. Log on to the Client Access Server
  2. Click on Start, Run and type in regedit and click on OK
  3. Expand HKEY_LOCAL_Machine
  4. Expand System
  5. Expand CurrentControlSet
  6. Expand Services
  7. Click on MSExchange OWA
  8. Right-click on the right hand side pane, click on New  and then DWORD (32 bit) value
  9. Let’s name the key ChangeExpiredPasswordEnabled and its value will be 1, as shown in Figure 03

Description: http://www.andersonpatricio.org/Tutoriais/Exchange2007/ap991_03.png
Figure 03

After the changes, restart IIS using IISReset /noforce and start using the new feature. In order to do the test let’s create a new user. Make sure that the attribute change password at next logon is set and try to logon using OWA (Figure 04).

Description: C:\\\\Users\\\\anderson.patricio\\\\Documents\\\\MSExchange.org\\\\In production\\\\owa-01.PNG
Figure 04

Type in the username, current password and new password, then Outlook Web App will inform you that the new password was set and your user is good to go (Figure 05). Just need to click OK and use the new credentials to get access to Outlook Web App.

Description: C:\\\\Users\\\\anderson.patricio\\\\Documents\\\\MSExchange.org\\\\In production\\\\owa-02.PNG
Figure 05

I wrote this script for an Exchange Server 2007 SP3 article, but it can be used in Exchange Server 2010 SP1 as well. Make sure that you save the content below in a file with an extension .ps1. Run it from a PowerShell session and the script will add the ChangeExpiredPasswordEnabled registry change and restarts your IIS.

Write-Host "Adding ChangeExpiredPasswordEnable key in the registry…"

New-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\services\MSExchange OWA" -Name "ChangeExpiredPasswordEnabled" -Value 1 -PropertyType "DWord"

Write-Host "Restarting IIS using /noforce option.."

IISReset /noforce

dpejic has written 84 articles

Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>